Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

TOP OF THE NEWS

New Guide For Windows 2000 PRO

The US National Institute for Standards and Technology released a security guide for Windows 2000 Professional desktop systems in configurations used by office workers, at home users, or road-warriors. NIST is inviting comments and suggestions on the guide. -http://csrc.nist.gov/itsec/guidance_W2Kpro.html

1 February 2002 Microsoft Coding Moratorium

As part of its new Trustworthy Computing Initiative, Microsoft will not write any new code for one month; instead, the company will use the time to debug its old code. -http://www.gcn.com/vol1_no1/daily-updates/17874-1.html[Editor's (Murray) Note: I am all in favor of MS cleaning up its execution. However, its strategy needs to be cleaned up too. ]

31 January 2002 Lawrence Livermore Bans Wireless LANs

Lawrence Livermore National Laboratory, a national defense technology research lab in California, has banned the use of wireless local area networks (LANs) due to security concerns. A lab spokesman said that Los Alamos National Laboratory might introduce a wireless network ban as well. -http://cgi.zdnet.com/slink?169109[Editor's (Murray) Note: Yesterday I received an ad for a wireless access point for $130-, down 50% from a year ago. Connectivity trumps security every time. A ban cannot succeed. The only way to successfully exclude wireless is to close the network. Get used to it. ]

THE REST OF THE WEEK'S NEWS

5 February 2002 Diekman Sentenced to 21 Months

Jason Allen Diekman, who went by the names 'Shadow Knight' and 'Dark Lord,' was ordered to spend 21 months in federal prison and to pay nearly $88,000 in restitution. On February 4. He had hacked into NASA computers and also used stolen credit cards to buy goods over the Internet. -http://www.latimes.com/news/local/la-000009016feb05.story

1 February 2002 Pirates Plead Guilty

Two men who pleaded guilty to charges stemming from their involvement in an Internet piracy group face up to five years in prison and $250,000 in fines. As part of their plea agreement, the two men revealed details about how group members hid the illegal software. -http://www.gcn.com/vol1_no1/daily-updates/17875-1.html

30 & 31 January 2002 SEC's Phony Site Gets Over 150,000 Hits

The Securities and Exchange Commission (SEC) used on-line investment scam tactics, including preying on people's fears and offering huge returns on investment with no risk, on a phony site designed to educate consumers about investment fraud. People who actually tried to invest were greeted with a warning message. The site received more than 150,00 hits in a three-day period; the SEC says it has planted other phony sites on the Internet in an effort to fight back against investment fraud. -http://news.com.com/2100-1017-826434.html-http://www.wired.com/news/business/0,1367,50125,00.html-http://www.computerworld.com/storyba/0,4125,NAV47_STO67866,00.html[Editor's (Ranum) Note: Educating people by telling them "YOU ARE STUPID!" is an interesting tactic. I guess it's impossible to deliver a cattle-prod like shock over the Internet effectively. ]

30 January 2002 Corley Will Continue to Fight DMCA

Eric Corley, who has been barred from posting a DVD descrambling program under the Digital Millennium Copyright Act (DMCA) has vowed to continue to fight the controversial law. In November 2001, a three-judge panel ruled that free speech provisions did not protect Corley's posting of the program. Corley's attorneys have requested a rehearing by the full 2nd Circuit Court of Appeals in New York; if that proves unsuccessful, they intend to take the case to the Supreme Court. -http://news.com.com/2100-1023-826710.html

29 January 2002 Navigator Flaw Exposes Cookies

A security hole in Netscape Navigator allows web page operators to look at site visitors' cookies. The flaw affects Navigator versions 6 through 6.2 and Mozilla versions 0.9.6 and earlier. Netscape is encouraging all its affected users to upgrade their web browsers. -http://www.computerworld.com/storyba/0,4125,NAV47_STO67803,00.html

29 January 2002 Alleged Hacker-Extortionist Held

A Russian hacker, identified as Nikolai, allegedly extorted $10,000 from a U.S. bank; he had threatened to expose account information he had stolen from a database on a server belonging to a company that provides online banking and bill payment services to financial institutions. Nikolai is being detained in Siberia. -http://www.theregister.co.uk/content/55/23861.html

24 January 2002 Study Says Most CIOs Not Prepared for Disasters

The results of a survey conducted by the Gartner consultancy and the Society for Information Management (SIM) indicate that while 88% of CIOs have back-up power supplies and 70% have back-up plans for network, software and other such failures, only about one-third have established business continuity plans that address the possibility of physical attacks. -http://www.eweek.com/article/0,3658,s%3D701%2526a%3D21681,00.asp==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites